Skip to content

Posts tagged ‘cybersecurity’

10 Ways Asset Intelligence Improves Cybersecurity Resiliency And Persistence

10 Ways Asset Intelligence Improves Cybersecurity Resiliency And Persistence

Bottom Line: By securing every endpoint with a persistent connection and the resiliency to autonomously self-heal, CIOs are finding new ways to further improve network security by capitalizing on each IT assets’ intelligence.

Capturing real-time data from IT assets is how every organization can grow beyond its existing boundaries with greater security, speed, and trust. Many IT and cybersecurity teams and the CIOs that lead them, and with whom I’ve spoken with, are energized by the opportunity to create secured perimeterless networks that can flex in real-time as their businesses grow. Having a persistent connection to every device across an organizations’ constantly changing perimeter provides invaluable data for achieving this goal. The real-time data provided by persistent device connections give IT and cybersecurity teams the Asset Intelligence they need for creating more resilient, self-healing endpoints as well.

How Asset Intelligence Drives Stronger Endpoint Security 

Real-time, persistent connections to every device in a network is the foundation of a strong endpoint security strategy. It’s also essential for controlling device operating expenses (OPEX) across the broad base of device use cases every organization relies on to succeed. Long-term persistent connections drive down capital expenses (CAPEX) too, by extending the life of every device while providing perimeterless growth of the network. By combining device inventory and analysis, endpoint data compliance with the ability to manage a device fleet using universal asset management techniques, IT and cybersecurity teams are moving beyond Asset Management to Asset Intelligence. Advanced analytics, benchmarks, and audits are all possible across every endpoint today. The following are the 10 ways Asset Intelligence improves cybersecurity resiliency and persistence:

  • Track, trace and find lost or stolen devices on or off an organizations’ network in real-time, disabling the device if necessary. Every device, from laptops, tablets, and smartphones to desktops and specialized use devices are another threat surface that needs to be protected. Real-time persistent connections to each of these devices make track-and-trace possible, giving CIOs and their teams more control than had been possible before. Real-time track-and-trace data combined with device condition feedback closes security blind spots too. IT and cybersecurity teams can monitor every device and know the state of hardware, software, network and use patterns from dashboards. Of the endpoint providers in this market, Absolute’s approach to providing dashboards that provide real-time visibility and control of every device on a network is considered state-of-the-art. An example of Absolute’s dashboard is shown below:

10 Ways Asset Intelligence Improves Cybersecurity Resiliency And Persistence

  • Asset Intelligence enables every endpoint to autonomously self-heal themselves and deliver constant persistence across an organization’s entire network. By capitalizing on the device, network, threat, and use data that defines Asset Intelligence, endpoint agents learn over time how to withstand breach attempts, user errors, and malicious attacks, and most importantly, how to return an endpoint device to its original safe state. Asset Intelligence is the future of endpoint security as it’s proving to be very effective at enabling self-healing persistence across enterprise networks.
  • Asset Intelligence solves the urgent problem created from having 10 or more agents installed on a single endpoint that collide, conflict and decay how secure the endpoint is. Absolute Software’s 2019 Endpoint Security Trends Report found that the more agents that are added to an endpoint, the greater the risk of a breach. Absolute also found that a typical device has ten or more endpoint security agents installed, often colliding and conflicting with the other. MITRE’s Cybersecurity research practice found there are on average, ten security agents on each device, and over 5,000 common vulnerabilities and exposures (CVEs) found on the top 20 client applications in 2018 alone.
  • Asset Intelligence sets the data foundation for achieving always-on persistence by tracking every devices’ unique attributes, identifiers, communication log history and more. Endpoint security platforms need a contextually-rich, real-time stream of data to know how and when to initialize the process of autonomously healing a given endpoint device. Asset Intelligence provides the centralized base of IT security controls needed for making endpoint persistence possible.
  • Having a real-time connection to every device on a perimeterless network contributes to creating a security cloud stack from the BIOS level that delivers persistence for every device. CIOs and CISOs interested in building secured perimeterless networks are focused on creating persistent, real-time connections to every device as a first step to creating a security cloud stack from each devices’ BIOS level. They’re saying that the greater the level of Asset Intelligence they can achieve, the broader they can roll out persistence-based endpoints across their networks that have the capacity to self-diagnose and self-heal.
  • Device fleets are churning 20% a year or more, increasing the urgency CIOs have for knowing where each device is and its current state, further underscoring Asset Intelligence’s value. Gavin Cockburn of ARUP is the global service lead for workplace automation and endpoint management, including how the firm acquires devices, manages and reclaims them. ARUP is using the Absolute Persistence platform for managing the many high-value laptops and remote devices their associates use on global projects. During a recent panel discussion he says that device replacements “becomes part of our budgeting process in that 33% of devices that we do replace every year, we know where they are.” Gavin is also using API calls to gain analytical data to measure how devices are being used, if the hard drive is encrypted or not and run Reach scripts to better encrypt a device if there is not enough security on them.
  • The more Asset Intelligence an organization has, the more they can predict and detect malware intrusion attempts, block them and restore any damage to any device on their perimeter. When there’s persistent endpoint protection across a perimeterless network, real-time data is enabling greater levels of Asset Intelligence which is invaluable in identifying, blocking and learning from malware attempts on any device on the network. Endpoint protection platforms that have persistence designed in are able to autonomously self-heal back to their original state after an attack, all without manual intervention.
  • Persistent endpoints open up the opportunity of defining geofencing for every device on a perimeterless network, further providing valuable data Asset Intelligence platforms capitalize on. Geofencing is proving to be a must-have for many organizations that have globally-based operations, as their IT and cybersecurity teams need to track the device location, usage, and compliance in real-time. Healthcare companies are especially focused on how Asset Intelligence can deliver geofencing at scale. Janet Hunt, Senior Director, IT User Support at Apria Healthcare recently commented during a recent panel discussion that “our geo-fencing is extremely tight. I have PCs that live in the Philippines. I have PCs that live in India. I have one PC or actually two PCs that live in Indonesia. If somebody goes from where they say that they’re going to be to another part of Indonesia, that device will freeze because that’s not where it’s supposed to be and that’s an automatic thing. Don’t ask forgiveness, don’t ask questions, freeze the device and see what happens. It’s one of the best things we’ve done for ourselves.”  Gavin Cockburn says, “We actually do some kind of secretive work, government work and we have these secure rooms, dotted around the organization. So we know if we put a device in that room, what we do is, what we say is this device only works in this area and we can pinpoint that to a pretty decent accuracy.”  From healthcare to secured government contracting, geofencing is a must-have in any persistent endpoint security strategy.
  • Automating customer and regulatory audits and improving compliance reporting by relying on Asset Intelligence alleviates time-consuming tasks for IT and cybersecurity teams. When persistent endpoint protection is operating across an organization’s network, audit and compliance data is captured in real-time and automatically fed into reporting systems and dashboards. CIOs and their cybersecurity teams are using dashboards to monitor every device’s usage patterns, audit access, and application activity, and check for compliance to security and reporting standards. Audits and compliance reporting are being automated today using PowerShell, BASH scripts and API-based universal asset commands. Gavin Cockburn of ARUP mentioned how his firm gives customers the assurance their data is safe by providing them ongoing audits while project engagements are ongoing. “We need to show for our clients that we look after their data and we can prove that. And we show that again and again. I mean similar story, we’ve seen machines go missing, either breaking into cars, re-image three times. We wipe it every time. Put the new hard drive in, think it might be a hard drive issue, it wipes again. We never see it come online again, “ he said.
  • Asset Intelligence improves data hygiene, which has a direct effect on how effective all IT systems are and the customer experiences they deliver. CIOs and their teams’ incentives center on how effective IT is at meeting internal information needs that impact customer experiences and outcomes. Improving data hygiene is essential for IT to keep achieving their incentive plans and earning bonuses. As Janet Hunt, Senior Director, IT User Support at Apria Healthcare said, “right now we are all about hygiene and what I mean by that is we want our data to be good. We want all the things that make IT a valued partner with the business operation to be able to be reliable.” The more effective any organization is at achieving and sustaining a high level of data hygiene, the more secure their perimeterless network strategies become.

 

Shadow IT Is The Cybersecurity Threat That Keeps Giving All Year Long

Shadow IT Is The Cybersecurity Threat That Keeps Giving All Year Long

  • More than 5,000 personal devices connect to enterprise networks every day with little or no endpoint security enabled in one of every three companies in the U.S., U.K., and Germany.
  • More than 1,000 shadow IoT devices connect to enterprise networks every day in 30% of the U.S., U.K., and German companies.
  • 12% of U.K. organizations are seeing more than 10,000 shadow IoT devices connect to their enterprise networks every day.
  • Associates most often use shadow IT devices to access social media (39%), followed by downloading apps (24%), games (13%), and films (7%). Hackers, organized crime and state-sponsored cybercrime organizations rely on social engineering hacks, phishing, and malware injection across these four popular areas to gain access to enterprise networks and exfiltrate data.

Shadow personal IoT voice assistants, Amazon Kindles, smartphone, and tablet devices are proliferating across enterprise networks today, accelerated by last-minute shopping everyone is trying to get done before the end of December. 82% of organizations have introduced security policies governing the use of these devices but just 24% of employees are aware of them. Meanwhile, the majority of IT senior management, 88%, believe their policies are effective. These and many other fascinating insights are from a recent study completed by Infoblox titled, What is Lurking on Your Network, Exposing the threat of shadow devices (PDF, 7 pp., no opt-in).

Shadow IT’s Security Gaps Create New Opportunities For Hackers

Gaps in threat surface and endpoint security are what hackers, organized crime, and state-sponsored cybercrime organizations thrive on. The holidays create new opportunities for these organizations to capitalize on security gaps using social engineering hacks, phishing, malware injection and more. “With cybercriminals increasingly exploiting vulnerable devices, as well as targeting employees’ insecure usage of these devices, it is crucial for enterprise IT teams to discover what’s lurking on their networks and actively defend against the threats introduced,” Gary Cox, Technology Director, Western Europe for Infoblox said. Just a few of the many threats include the following:

  • A quick on-ramp for hackers to exfiltrate data from enterprise systems. Every personal device left unprotected on an enterprise network is an ideal threat surface for hackers and other malicious actors to infiltrate an enterprise network from. The most common technique is to use DNS tunneling, which enables cybercriminals to insert malware or pass stolen information into DNS queries, creating a covert communication channel that bypasses most firewalls. Project Sauron was one particularly advanced threat, which allegedly went undetected for five years at a number of organizations that used DNS tunneling for data exfiltration.
  • Distributed Denial of Service (DDoS) attacks are often launched from a series of hijacked connected devices that are often the least protected threat surface on corporate networks. It’s common for DDoS attacks to begin with malicious actors hijacking any vulnerable device they can to launch repeated and frequent queries that bombard the Domain Name Server (DNS) with the intent of slowing down its ability to process legitimate queries, often to the point that it can no longer function.
  • Creating and targeting Botnet armies using vulnerable IoT devices to attack organizations’ enterprise systems is increasing, according to Verizon’s latest 2019 Data Breach Investigations Report. “Botnets are truly a low-effort attack that knows no boundaries and brings attackers either direct revenue through financial account,” according to Verizon’s 2019 study. Botnets are also being used to steal privileged access credentials to an enterprises’ systems that are being accessed from the same personal devices employees are using for social media access and shopping. There have been over 40,000 breaches initiated using botnets this year so far, according to Verizon. The report notes that a variant of the Mirai IoT botnet began scanning for vulnerable Drupal servers in April of this year and was successful in finding the most vulnerable systems globally to install crypto mining software. The attack is known as Drupalgeddon2, and the scope of its vulnerabilities are still being discovered today.
  • Unsecured personal devices connected to enterprise networks are ransomware landing zones. 70% of all malware attacks happen in healthcare according to Verizon’s 2019 Data Breach Investigations Report because patient health records are bestsellers on the Dark Web, ranging in price from $250 to over $1,000 per record. Ransomware is a form of malware that, once it takes over a computer or network, threatens to deny access to or destroy an organizations’ data. Ransomware can easily intercept an enterprise network after being accidentally downloaded by an employee on either a business or personal device connected to a network.

Where To Start: Secure The Networks Shadow IT Relies On

Chief Information Security Officers (CISOs) have told me that the most challenging aspect of securing the proliferation of shadow IT devices is protecting the multitude of remote locations that together form their distributed networks. They’re saying that in 2020, enabling network security is the greatest challenge their enterprises will face. More enterprises are adopting cloud-based DDI platforms that enable enterprises to simplify the management of highly distributed remote networks as well as to optimize the network performance of cloud-based applications. Leaders in this area include Infoblox, a leader in SD-WAN and cloud-based DDI platforms for enterprises. Here are the most common strategies they’re relying on to secure their distributed networks based on the proliferation of personal devices:

  • Integrating threat intelligence data to evaluate if specific sites and applications are high risk or not. IT administrators need to deploy solutions that allow them to build safeguards that will prevent potential dangerous activity occurring on the network. Integrating threat intelligence data into DNS management enables security teams to monitor and prevent access to Newly Observed Domains. Many new domains will be set up ahead of phishing and/or spear-phishing campaign, so in preventing access to these sites, organizations can reduce the risk of employees accidentally introducing malware through clicking through to insecure links on personal devices connected to the enterprise network.
  • Set the goal of achieving full visibility across distributed networks by starting with a plan that considers cloud-based DDI platforms. CISOs and the IT teams working with them need to translate their policies into action by achieving more unified visibility by upgrading their core network services, including DNS, DHCP, and IP address management, on cloud-based DDI platforms to bring greater security scale and reliability across their enterprise networks.
  • Design in greater DNS security at the network level. Enterprise networks are heavily reliant on DNS, making them an area malicious actors attempt to disrupt in their broader efforts to exfiltrate valuable data from organizations. Existing security controls, such as firewalls and proxies, rarely focus on DNS and associated threats – leaving organizations vulnerable to highly aggressive, rapidly proliferating attacks. When secured, the DNS can act as an organization’s first line of defense. The DNS can provide essential context and visibility, so IT teams can be alerted of any network anomalies, report on what devices are joining and leaving the network, and resolve problems faster.

Conclusion

Bring Your Own Device (BYOD) initiatives’ benefits far outweigh the costs, making the business case for BYOD overwhelming positive, as seen in how financial services firms stay secure.  Enterprises need to consider adopting a cloud-based DDI platform approach that enables them to simplify the management of highly distributed remote networks as well as to optimize the network performance of cloud-based applications. Many CISOs are beginning to realize the model of relying on centralized IT security isn’t scaling to support and protect the proliferation of user devices with internet access, leaving employees, branch offices, and corporate networks less secure than ever before. Every IT architect, IT Director, or CIO needs to consider how taking an SDWAN-based approach to network management reduces the risk of a breach and data exfiltration.

 

Centrify’s Tim Steinkopf On How To Think Like A Cybersecurity CEO

Centrify’s Tim Steinkopf On How To Think Like A Cybersecurity CEO

Tim Steinkopf is CEO at Centrify, where he leads the management, strategic direction, and execution of the company’s vision. Tim initially joined Centrify as Chief Financial Officer in October 2011 and took over as CEO in January 2019. Before Centrify, he held CFO positions at Secure Computing Corporation (acquired by McAfee), SumTotal Systems, Purfresh, and Silicon Entertainment. Tim has also held executive and management positions with Watt/Peterson and Ernst & Young.

Under Tim’s leadership, Centrify is only one of five cybersecurity companies with six or more years on Inc.’s annual list of America’s 5000 fastest-growing private companies. Centrify’s many honors include being awarded Gartner Peer Insights Customer’s Choice 2019 award earlier this year.

Tim is also a member of the Forbes Tech Council, and his latest article, Five Skills Necessary To Transition From CFO to CEO, shares how the lessons he learned from serving as a CFO for over two decades prepared him for the role of CEO. He says the one clear key attribute of CFOs is the ability to apply a metrics-driven approach to all facets of a business. The ability to orchestrate initiatives, programs, and strategies across the many departments of a company and have them all contribute to the metrics that define organizational success is vital and provides CFOs invaluable training in their progression to leading a company.

I had the opportunity to sit down with Tim recently for an executive Q&A to learn how Centrify is separating itself from the pack in crowded cybersecurity space, under his leadership and in partnership with private equity investor Thoma Bravo:

Louis:            Centrify is only one of five cybersecurity companies with six or more years on Inc.’s annual list of America’s 5000 fastest-growing private companies. What are the most effective growth strategies that also deliver strong profitability today that keep Centrify growing?

Tim:                I’m going to break this into two pieces because I think there’s a difference between growth versus profitability.

On the growth side, you can only attain the Inc. 5000 ranking by looking at a cumulative period of time. So, it isn’t that we’ve just grown for six years, it’s that we’ve had the ability to sustain growth over a rolling four-year period. To maintain placement on that list, we’ve had to excel at the details of how we serve our customers. It is quite an accomplishment and congratulations to all the current and former Centrify employees who were involved in that.

The real driver is our history of innovation. Centrify has always been an innovator, and we’ve always paid attention to our market, our drivers, and what our customers are saying. We’re trying to be a step or two ahead of our customers. If you’re able to do that, and you’re able to continue to innovate, then you can drive additional adoption of your solution set, and continue to drive growth.

Profitability does go hand in hand, but it’s slightly different because now you’re talking about effective, efficient growth. As CFO, I always had an eye on ROI and how to put capital, resources, and additional headcount to use, such that we could drive growth. Then you often ask yourself if you are driving it as efficiently as possible. And that’s where making the right kind of bets in technology for running and growing the business make a difference. It’s also about deploying into the correct markets so that you can land and then sustain growth.

Louis:            In a previous interview, you mentioned the need for balanced metrics and change management strategies. Would you like to comment on those aspects of being a CEO?

Tim:                It all comes down to the role of the CEO, leading a company to accomplish its goals. CEOs report to the board of directors, who ultimately set the goals for any company. And when you’re a CEO, you want to do everything possible to get to those goals. Knowing how the different parts of the company run and knowing where and how to allocate resources and change management all contributes to achieving the company’s goals.

Louis:            How has Thoma Bravo, after becoming the majority investor in Centrify, helped your company pursue new partner, product, and service initiatives?

Tim:               TB is known for placing winning bests, and investing in Centrify is a real feather in our cap. It’s seen by partners, prospects, and customers as a vote of confidence. We’ve been in business for over 15 years, are perennially in the Gartner Magic Quadrant, a leader in the Forrester Wave, and a leader in the channel as recognized by Computer Reseller news. We’ve got our own pedigree, and that’s great. Then you add on the fact that TB is a majority investor, and our reputation is even stronger.

Regarding product and service initiatives, TB spends a lot of time and effort on each investment, and they have a great track record, specifically in InfoSec and cybersecurity. They came in and said, “Hey, our investment thesis is to take Centrify and split it into two companies, where each will have a better ability to focus and compete, and that will drive more efficient resource allocation, and growth opportunities.” Centrify current iteration formed as a result of the investment thesis being implemented, and we’re excelling in our chosen market.

Louis:            Gartner Peer Insights awarded Centrify with the 2019 Customer’s Choice recognition recently. What do you attribute your customers’ success to, and their willingness to share their stories online on forums include Gartner’s Peer Insights and others? They’re so critical to sale cycles right now.

Tim:                Customer references are so important, and this is where we have to give credit to the greater Centrify organization. We have a customer-centric attitude, and that is why our customers are willing to speak up, which gives us the opportunity to compete and win awards, including Customer’s Choice 2019 and others.

Behind the scenes, it includes building and delivering a solid solution set combined with services. Once our solution is installed, we work quickly and in close collaboration with our customers to make sure it’s working and meeting their requirements. We view every customer relationship as a partnership, and how we implement our identity-centric PAM solutions for them is essential to a successful journey for them. We measure our success by our customers’ results, and if they are achieving their goals.

Louis:            Privileged Access Management (PAM) shows potential in 2020 as a growth market. What are Centrify’s plans to capitalize on this market momentum?

Tim:                That’s absolutely the market we’re in and serving customers with solutions for today. Going back 10 to 15 years, legacy approaches to PAM were thought of only in terms of password vaulting. We’ve strived to stay in step with our customers, as they’ve shown us that deploying a vault-only approach to PAM is not enough. They need to move beyond the vault and move to an identity-centric approach.

When organizations deploy a vault-only solution, they’re enabling login with shared admin or root accounts, and so that is a generic approach that is not identity-centric. Centrify’s solution helps organizations to centralize authentication and have their employees request access to specific resources with specific privilege elevation rights while also tracking all activity for audits, compliance, forensics, and regulatory purposes. Our customers place a high value on all of these aspects of our solution as it provides non-repudiation across their environments and better protects resources against cyberthreats.

The real potential for growth are the drivers moving PAM beyond the vault. It’s becoming more identity-centric, with a least privilege access approach. That message is resonating across the industry, and people get it. The biggest driver is the fact that 80% of the breaches are occurring because privileged credentials are getting compromised. Since they’re not identity-centric, too much privilege exists, which means the attack surface is greater, and it continues to get breached.

Louis:            What are the most challenging aspects of being CEO of a fast-growing cyber security company today?

Tim:                The most challenging aspects of being a CEO are the most exciting. One of the most energizing is competing in a very dynamic market. That’s what motivates me and why I’ve been in tech a long time.

Advances in technology drive the market, and it motivates companies, customers, and investors to take advantage of those advances and drive their business forward. At Centrify, our core focus is to capitalize on technology gains to help our customers achieve their goals by bringing new products to market. These include cloud, Infrastructure-as-a-Service (IaaS), machine learning, and other key strategic technologies. We’re always interested in utilizing new technologies, as the bad actors are also doing their own development of new ways to compromise our customers and their systems. They are looking for the weakest link.

We are completely committed to what we’re doing to stay ahead of those bad actors. Since technology continues to evolve and change, it makes the industry/market very dynamic.

Louis:            When you visit with Centrify customers, what’s the most interesting feedback you’re hearing from them?

Tim:                Our customer is normally the infrastructure and/or security people and teams. Who we primarily interact with is determined by the structure of a given customer’s organization. The people deploying, running, and supporting the networks and IT environments, who are responsible for those areas, are who we primarily work with.

The one common theme we hear from them is that they’re just trying to keep up. They look to us for help doing that, specifically how they can make privileged access management more efficient and effective across their organizations. Our customers look to Centrify so they can capitalize on our decades of expertise and complete commitment to providing privileged access management solutions that scale with their business.

They all know that it only takes one compromised, privileged credential to ruin their day, affecting millions of customers and costing hundreds of thousands (or millions) of dollars. One of our challenges in helping our customers is to help them face the challenge of educating upwards in their organizations as to the importance of having the proper tools for cybersecurity.

Louis:            When you get invited into a prospect’s bake-off to compare PAM vendors, why does Centrify win? And how do you proceed into a Proof of Concept following winning a bake-off?

Tim:                The number one reason we win is because we have a strong vision around identity-centric privileged access management. In addition, many organizations are undergoing digital transformations, and the majority of organizations have a hybrid IT and cloud environment. This includes on-premises, hybrid cloud and multi-cloud environments, and ephemeral environments. The ability to manage all of those different aspects with a central approach to identity is much more efficient and effective in the long run.

We see customers looking to make this their ongoing infrastructure deployment strategy, which will set them up for the future. That, and having a more encompassing solution set that addresses their greatest security risks are how we are differentiating today.

Louis:            Your customer base appears to have a robust multi-cloud strategy, combining AWS, Microsoft Azure, and Google Cloud Platform. What’s a major challenge many are facing when migrating to cloud, and what does the future look like in terms of securing their identity and privileged access?

Tim:                Multi-cloud didn’t really shape our strategy because we are based on a central repository for identity. Implicit in that approach is having everybody log in as themselves while providing them the freedom to do their jobs. And when it comes to least privileged access, we focus on allowing just enough access to every member to get their work done, while tracking every login to ensure compliance.

We’ve always supported that vision with an architecture that would span on-premises and cloud systems because nobody is going to completely do multi-cloud overnight. It’s a journey that begins by recognizing the business need for a hybrid IT environment that includes multi-cloud integration and platforms.

Our architecture is based on a cloud-based privileged access service that connects to wherever our customer’s identity store is. Through the use of cloud connectors, we can provide centralized identity and privileged access into your workloads running within a Virtual Private Cloud (VPC). We find most customers have multiple VPCs and their architected to be generic, which reflects the fact our customers end up with more than one infrastructure as a service platform provider. We’re able to handle that and provide privileged access management across all those environments.

It’s the strength of our privileged access service and our cloud connectors give our customers the option of selecting a thin client that deploys on their workloads within different VPCs, and then comes back to the service and communicates with various connected identity stores. It’s designed to be a very efficient architecture, and it plays well in ephemeral, quickly-changing elastic environments to support the requirements and scale needs of the business. Our architecture flexes and provides identity and privileged access management across their unique cloud and on-premise system configurations.

 

Why Cybersecurity Needs To Focus More On Customer Endpoints

Why Cybersecurity Needs To Focus More On Customer Endpoints

  • Cloud-based endpoint protection platforms (EPP) are proliferating across enterprises today as CIOs and CISOs prioritize greater resiliency in their endpoint security strategies going into 2020.
  • Gartner predicts that Global Information Security and Risk Management end-user spending is forecast to grow at a five-year CAGR of 9.2% to reach $174.5 billion in 2022, with approximately $50B spent on endpoint security.
  • Endpoint security tools are 24% of all IT security spending, and by 2020 global IT security spending will reach $128B according to Morgan Stanley Research.
  • 70% of all breaches still originate at endpoints, despite the increased IT spending on this threat surface, according to IDC.

There’s a surge of activity happening right now in enterprises that are prioritizing more resiliency in their endpoint security strategies going into 2020. The factors motivating CIOs, CISOs, IT, and Practice Directors to prioritize endpoint resiliency include more effective asset management based on real-time data while securing and ensuring every endpoint can heal itself using designed-in regenerative software at the BIOS level of every device. CIOs say the real-time monitoring helps reduce asset management operating expense, a big plus many of them appreciate give their tight budgets. Sean Maxwell, Chief Commercial Officer at Absolute, says, “Trust is at the center of every endpoint discussion today as CIOs, CISOs and their teams want the assurance every endpoint will be able to heal itself and keep functioning.”

The Endpoint Market Is Heating Up Going Into 2020

Over thirty vendors are competing in the endpoint security market right now. A few of the most interesting are Absolute Software, Microsoft, Palo Alto Networks, and others who are seeing a surge of activity from enterprises based on discussions with CIOs and CISOs. Absolute Software’s Persistence self-healing endpoint security technology is embedded in the firmware of more than 500 million devices and gives CIOs, CISOs and their team’s complete visibility and control over devices and data. Absolute is the leading visibility and control platform that provides enterprises with tamper-proof resilience and protection of all devices, data, and applications.

Like Absolute, Microsoft is unique in how they are the only vendor to provide built-in endpoint protection at the device level, with the core focus being on the OS. Windows 10 has Windows Defender Antivirus now integrated at the OS level, the same System Center Endpoint Protection delivers in Windows 7 and 8 OS. Microsoft Defender Advanced Threat Protection (ATP) incident response console aggregates alerts and incident response activities across Microsoft Defender ATP, Office 365 ATP, Azure ATP, and Active Directory, in addition to Azure.

Further evidence of how enterprise customers are placing a high priority on endpoint security is the increase in valuations of key providers in this market, including Absolute Software (TSE: ABT) and others. Absolute’s stock price has jumped 13% in just a month, following their latest earnings announcement on November 12th with a transcript of their earnings call here. Absolute’s CEO Christy Wyatt commented during the company’s most recent earnings call that, “The ability to utilize near real-time data from the endpoint to… to deliver actionable insights to IT about where controls are failing and the ability to apply resilience to self-heal and reinforce those security controls will become a critical skill for every one of our customers. This is the essence of Absolute’s platform, which adds resiliency to our customer’s operations.” It’s evident from what CIOs and CISOs are saying that resiliency is transforming endpoint security today and will accelerate in 2020.

Key Takeaways From Conversations With Enterprise Cybersecurity Leaders

The conversations with CIOs, CISOs, and IT Directors provided valuable insights into why resiliency is becoming a high priority for endpoint security strategies today. The following are key takeaways from the conversations:

  • Known humorously as the “fun button” cybersecurity teams enjoy being able to brick any device any time while monitoring the activity happening on it in real-time. One CIO told the story of how their laptops had been given to a service provider who was supposed to destroy them to stay in compliance with the Health Insurance Portability and Accountability Act (HIPAA), and one had been resold on the back market, ending up in a 3rd world nation. As the hacker attempted to rebuild the machine, the security team watched as each new image was loaded, at which time they would promptly brick the machine. After 19 tries, the hacker gave up and called the image re-build “brick me.”
  • IT budgets for 2020 are flat or slightly up, with many CIOs being given the goal of reducing asset management operating expenses, making resiliency ideal for better managing device costs. The more effectively assets are managed, the more secure an organization becomes. That’s another motivating factor motivating enterprises to adopt resiliency as a core part of the endpoint security strategies.
  • One CIO was adamant they had nine software agents on every endpoint, but Absolute’s Resilience platform found 16, saving the enterprise from potential security gaps. The gold image an enterprise IT team was using had inadvertently captured only a subset of the total number of software endpoints active on their networks. Absolute’s Resilience offering and Persistence technology enabled the CIO to discover gaps in endpoint security the team didn’t know existed before.
  • Endpoints enabled with Resiliency have proven their ability to autonomously self-heal themselves, earning the trust of CIOs and CISOs, who are adopting Absolute to alleviate costly network interruptions and potential breaches in the process. 19% of endpoints across a typical IT network require at least one client or patch management repair monthly, according to Absolute’s 2019 Endpoint Security Trends Report. The report also found that increasing security spending on protecting endpoints doesn’t increase an organizations’ safety – and in some instances, reduces it. Having a systematic, design-in solution to these challenges gives CIOs, CISO, and their teams greater peace of mind and reduces expensive interruptions and potential breaches that impede their organizations’ growth.

 

10 Predictions How AI Will Improve Cybersecurity In 2020

10 Predictions How AI Will Improve Cybersecurity In 2020

Capgemini predicts 63% of organizations are planning to deploy AI in 2020 to improve cybersecurity, with the most popular application being network security.

Cybersecurity is at an inflection point entering 2020. Advances in AI and machine learning are accelerating its technological progress. Real-time data and analytics are making it possible to build stronger business cases, driving higher adoption. Cybersecurity spending has rarely been linked to increasing revenues or reducing costs, but that’s about to change in 2020.

What Leading Cybersecurity Experts Are Predicting For 2020

Interested in what the leading cybersecurity experts are thinking will happen in 2020, I contacted five of them. Experts I spoke with include Nicko van Someren, Ph.D. and Chief Technology Officer at Absolute Software; Dr. Torsten George, Cybersecurity Evangelist at Centrify; Craig Sanderson, Vice President of Security Products at Infoblox; Josh Johnston, Director of AI, Kount; and Brian Foster, Senior Vice President Product Management at MobileIron. Each of them brings a knowledgeable, insightful, and unique perspective to how AI and machine learning will improve cybersecurity in 2020. The following are their ten predictions:

  1. AI and machine learning will continue to enable asset management improvements that also deliver exponential gains in IT security by providing greater endpoint resiliency in 2020. Nicko van Someren, Ph.D. and Chief Technology Officer at Absolute Software, observes that “Keeping machines up to date is an IT management job, but it’s a security outcome. Knowing what devices should be on my network is an IT management problem, but it has a security outcome. And knowing what’s going on and what processes are running and what’s consuming network bandwidth is an IT management problem, but it’s a security outcome. I don’t see these as distinct activities so much as seeing them as multiple facets of the same problem space, accelerating in 2020 as more enterprises choose greater resiliency to secure endpoints.”
  2. AI tools will continue to improve at drawing on data sets of wildly different types, allowing the “bigger picture” to be put together from, say, static configuration data, historic local logs, global threat landscapes, and contemporaneous event streams.  Nicko van Someren, Ph.D., and CTO at Absolute Software also predict that“Enterprise executives will be concentrating their budgets and time on detecting cyber threats using AI above predicting and responding. As enterprises mature in their use and adoption of AI as part of their cybersecurity efforts, prediction and response will correspondingly increase.”
  3. Threat actors will increase the use of AI to analyze defense mechanisms and simulate behavioral patterns to bypass security controls, leveraging analytics to and machine learning to hack into organizations. Dr. Torsten George, Cybersecurity Evangelist at Centrify, predicts that “threat actors, many of them state-sponsored, will increase their use and sophistication of AI algorithms to analyze organizations’’ defense mechanisms and tailor attacks to specific weak areas. He also sees the threat of bad actors being able to plug into the data streams of organizations and use the data to further orchestrate sophisticated attacks.”
  4. Given the severe shortage of experienced security operations resources and the sheer volume of data that most organizations are trying to work through, we are likely to see organizations seeking out AI/ML capabilities to automate their security operations processes. Craig Sanderson, Vice President of Security Products at Infoblox also predicts that “while AI and machine learning will increasingly be used to detect new threats it still leaves organizations with the task of understanding the scope, severity, and veracity of that threat to inform an effective response. As security operations becomes a big data problem it necessitates big data solutions.”
  5. There’s going to be a greater need for adversarial machine learning to combat supply chain corruption in 2020. Sean Tierney, Director of Threat Intelligence at Infoblox, predicts that “the need for adversarial machine learning to combat supply chain corruption is going to increase in 2020. Sean predicts that the big problem with remote coworking spaces is determining who has access to what data. As a result, AI will become more prevalent in traditional business processes and be used to identify if a supply chain has been corrupted.”
  6. Artificial intelligence will become more prevalent in account takeover—both the proliferation and prevention of it. Josh Johnston, Director of AI at Kount, predicts that “the average consumer will realize that passwords are not providing enough account protection and that every account they have is vulnerable. Captcha won’t be reliable either, because while it can tell if someone is a bot, it can’t confirm that the person attempting to log in is the account holder. AI can recognize a returning user. AI will be key in protecting the entire customer journey, from account creation to account takeover, to a payment transaction. And, AI will allow businesses to establish a relationship with their account holders that are protected by more than just a password.”
  7. Consumers will take greater control of their data sharing and privacy in 2020. Brian Foster, Senior Vice President Product Management at MobileIron, observes that over the past few years, we’ve witnessed some of the biggest privacy and data breaches. As a result of the backlash, tech giants such as Apple, Google, Facebook and Amazon beefed up their privacy controls to gain back trust from customers. Now, the tables have turned in favor of consumers and companies will have to put privacy first to stay in business. Moving forward, consumers will own their data, which means they will be able to selectively share it with third parties, but most importantly, they will get their data back after sharing, unlike in years past.
  8. As cybersecurity threats evolve, we’ll fight AI with AI. Brian Foster, Senior Vice President Product Management at MobileIron, notes that the most successful cyberattacks are executed by highly professional criminal networks that leverage AI and ML to exploit vulnerabilities such as user behavior or security gaps to gain access to valuable business systems and data. All of this makes it extremely hard for IT security organizations to keep up — much less stay ahead of these threats. While an attacker only needs to find one open door in an enterprise’s security, the enterprise must race to lock all of the doors. AI conducts this at a pace and thoroughness human ability can no longer compete with, and businesses will finally take notice in 2020.
  9. AI and machine learning will thwart compromised hardware finding its way into organizations’ supply chains. Rising demand for electronic components will expand the market for counterfeit components and cloned products, increasing the threat of compromised hardware finding its way into organizations’ supply chains. The vectors for hardware supply-chain attacks are expanding as market demand for more and cheaper chips, and components drive a booming business for hardware counterfeiters and cloners. This expansion is likely to create greater opportunities for compromise by both nation-state and cybercriminal threat actors. Source: 2020 Cybersecurity Threats Trends Outlook; Booz, Allen, Hamilton, 2019.
  10. Capgemini predicts 63% of organizations are planning to deploy AI in 2020 to improve cybersecurity, with the most popular application being network security. Capgemini found that nearly one in five organizations were using AI to improve cybersecurity before 2019. In addition to network security, data security, endpoint security, and identity and access management are the highest priority use cases for improving cybersecurity with AI in enterprises today. Source: Capgemini, Reinventing Cybersecurity with Artificial Intelligence: The new frontier in digital security.
10 Predictions How AI Will Improve Cybersecurity In 2020

Source: Capgemini, Reinventing Cybersecurity with Artificial Intelligence: The new frontier in digital security.

7 Ways AI Reduces Mobile Fraud Just In Time For The Holidays

7 Ways AI Reduces Mobile Fraud Just In Time For The Holidays

  • There has been a 680% increase in global fraud transactions from mobile apps from October 2015 to December 2018, according to RSA.
  •  70% of fraudulent transactions originated in the mobile channel in 2018.
  • RSA’s Anti-Fraud Command Center saw phishing attacks increase 178% after leading banks in Spain launched instant transfer services.
  • Rogue mobile apps are proliferating with, 20% of all reported cyberattacks originating from mobile apps in 2018 alone.

On average, there are 82 new rogue applications submitted per day to any given AppExchange or application platform, all designed to defraud consumers. Mobile and digital commerce are cybercriminals’ favorite attack surfaces because they are succeeding with a broad base of strategies for defrauding people and businesses.

Phishing, malware, smishing, or the use of SMS texts rather than email to launch phishing attempts are succeeding in gaining access to victims’ account credentials, credit card numbers, and personal information to launch identity theft breaches. The RSA is seeing an arms race between cybercriminals and mobile OS providers with criminals improving their malware to stay at parity or leapfrog new versions and security patches of mobile operating systems.

Improving Mobile Fraud Prevention With AI And Machine Learning

Creating a series of rogue applications and successfully uploading them into an AppExchange or application store gives cybercriminals immediate access to global markets. Hacking mobile apps and devices is one of the fastest-growing cybercriminal markets, one with 6.8B mobile users worldwide this year, projected to increase to 7.3B in 2023, according to The Radicati Group. The total number of mobile devices, including both phones and tablets, will be over 13B by the end of 2019, according to the research firm. And a small percentage of mobile fraud transactions get reported, with mobile fraud losses reported totaling just over $40M across 14,392 breaches according to the U.S. Federal Trade Commission. Mobile fraud is an epidemic that needs to be fought with state-of-the-art approaches based on AI and machine learning’s innate strengths.

Traditional approaches to thwarting digital fraud rely on rules engines that thrive on detecting and taking action based on established, known patterns, and are often hard-coded into a merchant’s system. Fraud analyst teams further customize rules engines to reflect the unique requirements of the merchants’ selling strategies across each channel. Fine-tuning rules engines makes them effective at recognizing and taking action on known threat patterns. The challenge for every merchant relying on a fraud rules engine is that they often don’t catch the latest patterns in cybercriminal activity. Where rules-based approaches to digital fraud don’t scale, AI, and machine learning do.

Exploring The 7 Ways AI Is Reducing Mobile Fraud

Where rules engines are best suited for spotting existing trends in fraud activity, machine learning excels at classifying observations (called supervised machine learning) and finding anomalies in data by finding entirely new patterns and associations (called unsupervised machine learning). Combining supervised and unsupervised machine learning algorithms are proving to be very effective at reducing mobile fraud. The following are the seven ways AI and machine learning are reducing mobile fraud today:

  1. AI and machine learning reduce false positives by interpreting the nuances of specific behaviors and accurately predicting if a transaction is fraudulent or not. Merchants are relying on AI and machine learning to reduce false positives, saving their customers from having to re-authenticate who they are and their payment method. A false positive at that first interaction with a customer is going to reduce the amount of money that they spend with a merchant, so it’s very important to interpret each transaction accurately.
  2. Identifying and thwarting merchant fraud based on anomalous activity from a compromised mobile device. Cybercriminals are relying on SIM swapping to gain control of mobile devices and commit fraud, as the recent hack of Twitter’s founder Jack Dorsey illustrates. Hackers were able to transfer his telephone number using SIM swapping and by talking Dorsey’s mobile service provider to bypass the account passcode. Fortunately, only his Twitter account was hacked. Any app or account accessible on his phone could have been breached, leading to fraudulent bank transfers or purchases. The attack could have been thwarted if Jack Dorsey’s mobile service provider was using AI-based risk scoring to detect and act on anomalous activity.
  3. AI and machine learning-based techniques scale across a wider breadth of merchants than any rules-based approach to mobile fraud prevention can. Machine learning-based models scale and learn across different industries in real-time, accumulating valuable data that improves payment fraud prediction accuracy. Kount’s Universal Data Network is noteworthy, as it includes billions of transactions over 12 years, 6,500 customers, 180+ countries and territories, and multiple payment networks. That rich data feeds Kount’s machine learning models to detect anomalies more accurately and reduce false positives and chargebacks.
  4. Combining supervised and unsupervised machine learning algorithms translates into a formidable speed advantage, with fraudulent transactions identified on average in 250 milliseconds. Merchants’ digital business models’ scale and speed are increasing, and with the holidays coming up, there’s a high probability many will set mobile commerce sales records. The merchants who will gain the most sales are focusing on how security and customer experience can complement each other. Being able to approve or reject a transaction within a second or less is the cornerstone of an excellent customer buying experience.
  5. Knowing when to use two-factor authentication via SMS or Voice PIN to reduce false negatives or not, preserving customer relationships in the process. Rules engines will often take a brute-force approach to authentication if any of the factors they’re tracking show a given transaction is potentially fraudulent. Requesting customers authenticate themselves after they’re logged into a merchant’s site when they attempt to buy an item is a sure way to lose a customer for life. By being able to spot anomalies quickly, fewer customers are forced to re-authenticate themselves, and customer relationships are preserved. And when transactions are indeed fraudulent, losses have been averted in less than a second.
  6. Provide a real-time transaction risk score that combines the strengths of supervised and unsupervised machine learning into a single fraud prevention payment score. Merchants need a real-time transaction risk score that applies to every channel they sell, though. Fraud rules engines had to be tailored to each specific selling channel with specific rules for each type of transaction. That’s no longer the case due to machine learnings’ ability to scale across all channels and provide a transaction risk score in milliseconds. Leaders in this area include Kount’s Omniscore, the actionable transaction safety rating that is a result of their AI, which combines patented, proprietary supervised and unsupervised machine learning algorithms and technologies.
  7. Combining insights from supervised and unsupervised machine learning with contextual intelligence of transactions frees up fraud analysts to do more investigations and fewer transaction reviews. AI and machine learning-based fraud prevention systems’ first contribution is often reducing the time fraud analysts take for manual reviews. Digitally-based businesses I’ve talked with say having supervised machine learning categorize and then predict fraudulent attempts is invaluable from a time-saving standpoint alone. Merchants are finding AI, and machine learning-based approaches enable to score to approve more orders automatically, reject more orders automatically, and focus on those gray area orders, freeing up fraud analysts to do more strategic, rewarding work. They’re able to find more sophisticated, nuanced abuse attacks like refer a friend abuse or a promotion abuse or seller collusion in a marketplace. Letting the model do the work of true payment fraud prevention frees up those fraud analysts to do other worth that add value.

Conclusion

With the holiday season rapidly approaching, it’s time for merchants to look at how they can protect mobile transactions at scale across all selling channels. AI and machine learning are proving themselves as viable replacements to traditional rules engines that rely on predictable, known fraud patterns. With 70% of fraudulent transactions originating in the mobile channel in 2018 and the influx of orders coming in the next three months, now would be a good time for merchants to increase their ability to thwart mobile fraud while reducing false positives that alienate customers.

Sources:

RSA 2019 Current State of Cybercrime Report (11 pp., PDF, opt-in)

The Radicati Group, Mobile Statistics Report, 2019 – 2023 (3 pp., PDF, no opt-in)

U.S. Federal Trade Commission, Consumer Sentinel Network, Data Book 2018 (90 pp., PDF, no opt-in)

 

 

How To Excel At Secured Cloud Migrations With A Shared Responsibility Model

How To Excel At Secured Cloud Migrations With A Shared Responsibility Model

  • 60% of security and IT professionals state that security is the leading challenge with cloud migrations, despite not being clear about who is responsible for securing cloud environments.
  • 71% understand that controlling privileged access to cloud service administrative accounts is a critical concern, yet only 53% cite secure access to cloud workloads as a key objective of their cloud Privileged Access Management (PAM) strategies.

These and many other fascinating insights are from the recent Centrify survey, Reducing Risk in Cloud Migrations: Controlling Privileged Access to Hybrid and Multi-Cloud Environments, downloadable here. The survey is based on a survey of over 700 respondents from the United States, Canada, and the UK from over 50 vertical markets, with technology (21%), finance (14%), education (10%), government (10%) and healthcare (9%) being the top five. For additional details on the methodology, please see page 14 of the study.

What makes this study noteworthy is how it provides a candid, honest assessment of how enterprises can make cloud migrations more secure by a better understanding of who is responsible for securing privileged access to cloud administrative accounts and workloads.

Key insights from the study include the following:

  • Improved speed of IT services delivery (65%) and lowered total cost of ownership (54%) are the two top factors driving cloud migrations today. Additional factors include greater flexibility in responding to market changes (40%), outsourcing IT functions that don’t create competitive differentiation (22%), and increased competitiveness (17%). Reducing time-to-market for new systems and applications is one of the primary catalysts driving cloud migrations today, making it imperative for every organization to build security policies and systems into their cloud initiatives.

How To Excel At Secured Cloud Migrations With A Shared Responsibility Model

 

  • Security is the greatest challenge to cloud migration by a wide margin. 60% of organizations define security as the most significant challenge they face with cloud migrations today. One in three sees the cost of migration (35%) and lack of expertise (30%) being the second and third greatest impediments to cloud migration project succeeding. Organizations are facing constant financial and time constraints to achieve cloud migrations on schedule to support time-to-market initiatives. No organization can afford the lost time and expense of an attempted or successful breach impeding cloud migration progress.

How To Excel At Secured Cloud Migrations With A Shared Responsibility Model

  • 71% of organizations are implementing privileged access controls to manage their cloud services. However, as the privilege becomes more task-, role-, or access-specific, there is a diminishing interest of securing these levels of privileged access as a goal, evidenced by only 53% of organizations securing access to the workloads and containers they have moved to the cloud. The following graphic reflects the results.

How To Excel At Secured Cloud Migrations With A Shared Responsibility Model

 

  • An alarmingly high 60% of organizations incorrectly view the cloud provider as being responsible for securing privileged access to cloud workloads. It’s shocking how many customers of AWS and other public cloud providers are falling for the myth that cloud service providers can completely protect their customized, highly individualized cloud instances. The native Identity and Access Management (IAM) capabilities offered by AWS, Microsoft Azure, Google Cloud, and others provide enough functionality to help an organization get up and running to control access in their respective homogeneous cloud environments. Often they lack the scale to adequately address the more challenging, complex areas of IAM and Privileged Access Management (PAM) in hybrid or multi-cloud environments, however. For an expanded discussion of the Shared Responsibility Model, please see The Truth About Privileged Access Security On AWS and Other Public Clouds. The following is a graphic from the survey and Amazon Web Services’ interpretation of the Shared Responsibility Model.

How To Excel At Secured Cloud Migrations With A Shared Responsibility Model

 

  • Implementing a common security model in the cloud, on-premises, and in hybrid environments is the most proven approach to making cloud migrations more secure. Migrating cloud instances securely needs to start with Multi-Factor Authentication (MFA), deploying a common privileged access security model equivalent to on-premises and cloud systems, and utilizing enterprise directory accounts for privileged access. These three initial steps set the foundation for implementing least privilege access. It’s been a major challenge for organizations to do this, particularly in cloud environments, as 68% are not eliminating local privilege accounts in favor of federated access controls and are still using root accounts outside of “break glass” scenarios. Even more concerning, 57% are not implementing least privilege access to limit lateral movement and enforce just-enough, just-in-time-access.

How To Excel At Secured Cloud Migrations With A Shared Responsibility Model

  • When it comes to securing access to cloud environments, organizations don’t have to re-invent the wheel. Best practices from securing on-premises data centers and workloads can often be successful in securing privileged access in cloud and hybrid environments as well.

Conclusion

The study provides four key takeaways for anyone working to make cloud migrations more secure. First, all organizations need to understand that privileged access to cloud environments is your responsibility, not your cloud providers’. Second, adopt a modern approach to Privileged Access Management that enforces least privilege, prioritizing “just enough, just-in-time” access. Third, employ a common security model across on-premises, cloud, and hybrid environments. Fourth and most important, modernize your security approach by considering how cloud-based PAM systems can help to make cloud migrations more secure.

7 Signs It’s Time To Get Focused On Zero Trust

7 Signs It’s Time To Get Focused On Zero Trust

When an experienced hacker can gain access to a company’s accounting and financial systems in 7 minutes or less after obtaining privileged access credentials, according to Ponemon, it’s time to get focused on Zero Trust Security. 2019 is on its way to being a record year for ransomware attacks, which grew 118% in Q1 of this year alone, according to McAfee Labs Threat Report. Data breaches on healthcare providers reached an all-time high in July of this year driven by the demand for healthcare records that range in price from $250 to over $1,000 becoming best-sellers on the Dark Web. Cybercriminals are using AI, bots, machine learning, and social engineering techniques as part of sophisticated, well-orchestrated strategies to gain access to banking, financial services, healthcare systems, and many other industries’ systems today.

Enterprises Need Greater Urgency Around Zero Trust

The escalating severity of cyberattacks and their success rates are proving that traditional approaches to cybersecurity based on “trust but verify” aren’t working anymore. What’s needed is more of a Zero Trust-based approach to managing every aspect of cybersecurity. By definition, Zero Trust is predicated on a “never trust, always verify” approach to access, from inside or outside the network. Enterprises need to begin with a Zero Trust Privilege-based strategy that verifies who is requesting access, the context of the request, and the risk of the access environment.

How urgent is it for enterprises to adopt Zero Trust? A recent survey of 2,000 full-time UK workers, completed by Censuswide in collaboration with Centrify, provides seven signs it’s time for enterprises to get a greater sense of urgency regarding their Zero Trust frameworks and initiatives. The seven signs are as follows:

  1. 77% of organizations’ workers admit that they have never received any form of cybersecurity skills training from their employer. In this day and age, it’s mind-blowing that three of every four organizations aren’t providing at least basic cybersecurity training, whether they intend to adopt Zero Trust or not. It’s like freely handing out driver’s licenses to anyone who wants one so they can drive the freeways of Los Angeles or San Francisco. The greater the training, the safer the driver. Likewise, the greater the cybersecurity training, the safer the worker, company and customers they serve.
  2. 69% of employees doubt the cybersecurity processes in place in their organizations today. When the majority of employees don’t trust the security processes in place in an organization, they invent their own, often bringing their favorite security solutions into an enterprise. Shadow IT proliferates, productivity often slows down, and enterprise is more at risk of a breach than ever before. When there’s no governance or structure to managing data, cybercriminals flourish.
  3. 63% of British workers interviewed do not realize that unauthorized access to an email account without the owner’s permission is a criminal offense. It’s astounding that nearly two-thirds of the workers in an organization aren’t aware that unauthorized access to another person’s email account without their permission is a crime. The UK passed into law 30 years ago the Computer Misuse Act. The law was created to protect individuals’ and organizations’ electronic data. The Act makes it a crime to access or modify data stored on a computer without authorization to do so. The penalties are steep for anyone found guilty of gaining access to a computer without permission, starting with up to two years in prison and a £5,000 fine. It’s alarming how high the lack of awareness is of this law, and an urgent call to action to prioritize organization-wide cybersecurity training.
  4. 27% of workers use the same password for multiple accounts. The Consensus survey finds that workers are using identical passwords for their work systems, social media accounts, and both personal and professional e-mail accounts. Cybersecurity training can help reduce this practice, but Zero Trust is badly needed to protect privileged access credentials that may have identical passwords to someone’s Facebook account, for example.
  5. 14% of employees admitted to keeping their passwords recorded in an unsecured handwritten notebook or on their desk in the office.  Organizations need to make it as difficult as possible for bad actors and cybercriminals to gain access to passwords instead of sharing them in handwritten notebooks and on Post-It notes. Any organization with this problem needs to immediately adopt Multi-Factor Authentication (MFA) as an additional security measure to ensure compromised passwords don’t lead to unauthorized access. For privileged accounts, use a password vault, which can make handwritten password notes (and shared passwords altogether) obsolete.
  6. 14% do not use multi-factor authentication for apps or services unless forced to do so. Centrify also found that 58% of organizations do not use Multi-Factor Authentication (MFA) for privileged administrative access to servers, leaving their IT systems and infrastructure unsecured. Not securing privileged access credentials with MFA or, at the very least, vaulting them is like handing the keys to the kingdom to cybercriminals going after privileged account access. Securing privileged credentials needs to begin with a Zero Trust-based approach that verifies who is requesting access, the context of the request, and the risk of the access environment.
  7. 1 out of every 25 employees hacks into a colleague’s email account without permission. In the UK, this would be considered a violation of the Computer Misuse Act, which has some unfortunate outcomes for those found guilty of violating it. The Censuswide survey also found that one in 20 workers have logged into friend’s Facebook accounts without permission. If you work in an organization of over 1,000 people, for example, 40 people in your company have most likely hacked into a colleague’s email account, opening up your entire company to legal liability.

Conclusion

Leaving cybersecurity to chance and hoping employees will do the right thing isn’t a strategy; it’s an open invitation to get hacked. The Censuswide survey and many others like it reflect a fundamental truth that cybersecurity needs to become part of the muscle memory of any organization to be effective. As traditional IT network perimeters dissolve, enterprises need to replace “trust but verify” with a Zero Trust-based framework. Zero Trust Privilege mandates a “never trust, always verify, enforce least privilege” approach to privileged access, from inside or outside the network. Leaders in this area include Centrify, who combines password vaulting with brokering of identities, multi-factor authentication enforcement, and “just enough” privilege, all while securing remote access and monitoring of all privileged sessions.

10 Charts That Will Change Your Perspective Of AI In Security

10 Charts That Will Change Your Perspective Of AI In Security

Rapid advances in AI and machine learning are defining cybersecurity’s future daily. Identities are the new security perimeter and Zero Trust Security frameworks are capitalizing on AI’s insights to thwart breaches in milliseconds. Advances in AI and machine learning are also driving the transformation of endpoint security toward greater accuracy and contextually intelligence.

69% of enterprise executives believe artificial intelligence (AI) will be necessary to respond to cyberattacks with the majority of telecom companies (80%) saying they are counting on AI to help identify threats and thwart attacks according to Capgemini. Gartner predicts $137.4B will be spent on Information Security and Risk Management in 2019, increasing to $175.5B in 2023, reaching a CAGR of 9.1%. Cloud Security, Data Security, and Infrastructure Protection are the fastest-growing areas of security spending through 2023. The following ten charts illustrate the market and technological factors driving the rapid growth of AI in security today:

  • AI shows the greatest potential for fraud detection, malware detection, assigning risk scores to login attempts on networks, and intrusion detection. Supervised and unsupervised machine learning algorithms are proving to be effective in identifying potentially fraudulent online transaction activity. By definition, supervised machine learning algorithms rely on historical data to find patterns not discernible with traditional rule-based approaches to fraud detection. Finding anomalies, interrelationships, and valid links between emerging factors and variables is unsupervised machine learning’s core strength. Combining each is proving to be very effective in identifying anomalous behavior and reducing or restricting access. Kount’s  Omniscore relies on these technologies to provide an AI-driven transaction safety rating. Source: Capgemini Research Institute, Reinventing Cybersecurity with Artificial Intelligence – The new frontier in digital security (28 pp., PDF, no opt-in).
  • 80% of telecommunications executives stated that they believe their organization would not be able to respond to cyberattacks without AI. Across all seven industries studied in a recent Capgemini survey, 69% of all senior executives say they would not be able to respond to a cyberattack without AI. 75% of banking executives realize they’ll need AI to thwart a cyberattack. Interestingly, 59% of Utilities executives, the lowest response to this question on the survey, see AI as essential for battling a cyberattack. Utilities are one of the more vulnerable industries to attacks given their legacy infrastructure. Source: Statistica, Share of organizations that rely on artificial intelligence (AI) for cybersecurity in selected countries as of 2019, by industry
  • 51% of enterprises primarily rely on AI for threat detection, leading prediction, and response. Consistent with the majority of cybersecurity surveys of enterprises’ AI adoption for cybersecurity in 2019, AI is relied the majority of the time for detecting threats. A small percentage of enterprises have progressed past detection to prediction and response, as the graphic below shows. Many of the more interesting AI projects today are in prediction and response, given how the challenges in these areas expand the boundaries of technologies fast. Source: Capgemini Research Institute, Reinventing Cybersecurity with Artificial Intelligence – The new frontier in digital security (28 pp., PDF, no opt-in).
  • Enterprises are relying on AI as the foundation of their security automation frameworks. AI-driven security automation frameworks are designed to flex and support new digital business models across an organization. Existing security automation frameworks can crunch and correlate threat patterns on massive volumes of disparate data, which introduces opportunities for advanced cybersecurity without disrupting business. Using alerts and prescriptive analytics for dynamic policies to address identified risks, enterprises can speed deployment of threat-blocking measures, increasing the agility of security operations. Source: Cognizant, Combating Cybersecurity Challenges with Advanced Analytics (PDF, 24 pp., no opt-in).
  • Cybersecurity leads all other investment categories this year of TD Ameritrade’s Registered Investment Advisors (RIA) Survey. The survey found RIAs are most interested in investment opportunities for their clients in AI-based cybersecurity new ventures. Source: TD Ameritrade Institutional 2019 RIA Sentiment Survey (PDF, 35 pp., no opt-in)
  • 62% of enterprises have adopted and implemented AI to its full potential for cybersecurity, or are still exploring additional uses. AI is gaining adoption in U.S.-based enterprises and is also being recommended by government policy influencers. Just 21% of enterprises have no plans for using AI-based cybersecurity today.  Source: Oracle, Security In the Age Of AI (18 pp., PDF. no opt-in
  • 71% of today’s organizations reporting they spend more on AI and machine learning for cybersecurity than they did two years ago. 26% and 28% of U.S. and Japanese IT professionals believe their organizations could be doing more. Additionally, 84% of respondents believe cyber-criminals are also using AI and ML to launch their attacks. When considered together, these figures indicate a strong belief that AI/ML based cybersecurity is no longer simply nice to have; it’s crucial to stop modern cyberattacks.   Source: Webroot, Knowledge Gaps: AI and Machine Learning in CyberSecurity Perspectives from the U.S. and Japanese IT Professionals (PDF, 9 pp., no opt-in)
  • 73% of enterprises have adopted security products with some form of AI integrated into them. Among enterprises that receive more than 1,000 alerts per day, the percentage that has AI-enabled products in their security infrastructure jumps to 84%. The findings suggest that some decision makers view AI as useful capability in dealing with the flood of alerts that they receive. Source: Osterman Research, The State of AI in Cybersecurity: The Benefits, Limitations and Evolving Questions (PDF, 10 pp., opt-in).
  • AI’s greatest benefit is the increase in the speed of analyzing threats (69%) followed by an acceleration in the containment of infected endpoints/devices and hosts (64%). Because AI reduces the time to respond to cyber exploits organizations can potentially save an average of more than $2.5 million in operating costs. Source: The Value of Artificial Intelligence in Cybersecurity – Sponsored by IBM Security Independently conducted by Ponemon Institute LLC, July 2018.

Financial Services Rely On BYOD – How Do They Stay Secure?

Financial Services Rely On BYOD – How Do They Stay Secure?

Bottom Line: 2020 is going to be the year companies launch more digital business initiatives that depend on BYOD than ever before, making Zero Trust Security a key contributor to their success.

Financial Services firms are at an inflection point going into 2020. Mobile-first products and services now dominate their product roadmaps for next year, with applications’ speed and security being paramount. In fintech, DevOps teams have been working with AngularJS for years now, and the scale and speed of their applications reflect their expertise. How well existing IT infrastructure flexes to support the new mobile-first product and services strategies depends on how quickly members of IT, customer service, and customer success teams can respond. BYOD is proving invaluable in achieving the speed of response these new digital business models require.

In 2020 more employees of Financial Services firms will rely on their mobile devices as their primary form of digital ID than has ever been the case before. A recent survey conducted by IDG in association with MobileIron found that 89% of security leaders believe mobile devices will be the primary digital ID employees use to gain access to resources and get work done. The CIOs I’ve spoken agree. A copy of the IDG and MobileIron study, Say Goodbye to Passwords, can be downloaded here.

Counting On BYOD To Deliver Responsiveness And Speed

CIO and IT bonuses are often indexed to the revenue contributions their new products and services deliver, making speed, scale, security, and responsiveness the most important features of all. Fintech CIOs are saying that BYOD is proving indispensable in scaling IT in support of new digital business initiatives as a result. By 2022, 75% of smartphones used in the enterprise will bring your own device (BYOD), up from 35% in 2018, forcing a migration from device-centric management to app- and data-centric management, according to Gartner’s Competitive Landscape: Managed Mobility Services.

Two factors continue to propel BYOD adoption in financial services, fueling the need for Zero Trust Security across every mobile device. The first is the need for real-time responsiveness from internal team members and the second is having every threat surface protected without degrading the time to respond to customers. Every CIO, IT and Product Management leader I’ve spoken with mention the race they are in to deliver mobile-first products and services early in 2020 that redefine their business.  With every identity being a new security perimeter, Financial Services firms are relying on Unified Endpoint Management (UEM), multi-factor authentication (MFA), and additional zero trust-enabling technologies as an integral part of their Enterprise Mobility Management (EMM) strategy. Their goal is to create a Zero Trust Security framework that protects every mobile device endpoint. Leaders in this field include MobileIron, who also provides zero sign-on (ZSO), and mobile threat defense (MTD) in addition to UEM and EMM solutions today.  The following are the key features every BYOD program needs to offer to stay secure, scale and succeed in 2020:

  •  Separation of business and personal data is a must-have in any BYOD security strategy. FinTechs who have the greatest success with BYOD as part of their digital initiatives are relying on Enterprise Mobility Management (EMM) to selectively wipe only the business data from a device in the event it is compromised.
  • An interactive, intuitive user experience that can be quickly customized at scale by role, department, and workflow requirements without impacting user productivity. Too often BYOD users have had to trade off having stronger security on their own devices versus using a company-provided smartphone to get remote work done. The best EMM and UEM solutions in the market today enable Zero Trust by treating every identity as a new security perimeter.
  • Define the success of a BYOD security strategy by how well it immediately shuts down access to confidential data and systems first. Being able to immediately block access to confidential systems and data is the most important aspect of securing any BYOD across a network.
  • Limit access to internal system resources based on the employee’s department, role, and function to eliminate the risk of confidential data ending up in a personal app. EMM solutions have progressed quickly, especially on the dimension of providing Zero Trust Security across BYOD networks. Look for an EMM solution that gives the administrator the flexibility of limiting mobile device access to a specific series of services and access points based on an employees’ role in a specific department and the scope of data they need access to.
  • Proven multi-operating system expertise and support for legacy internally created mobile applications and services. One of the main reasons BYOD is succeeding today as an enablement strategy is the freedom it gives users to select the device they prefer to work with. Supporting Android and IOS is a given. Look for advanced EMM and UEM solutions that also support legacy mobility applications. The best BYOD security solutions deliver device and application compatibility with no degradation in security or performance.

Conclusion – Why BYOD Strategies Need Zero Trust Now

Trust-but-verify isn’t working today. Attackers are capitalizing on it by stealing or buying privileged access credentials, accessing any system or database they choose. Financial Services firms fully expect their new products and services launching in 2020 to face an onslaught of breach and hacking attempts. Trust-but-verify approaches that are propagated across an enterprises’ BYOD base of devices using Virtual Private Networks and demilitarized zones (DMZ) impede employee’s productivity, often force login authentication. Trust-but verify doesn’t scale well into BYOD scenarios, leaving large gaps attackers can gain access to valuable internal data and systems. For BYOD users, trust-but-verify reduces productivity, delivers poor user experiences, and for new business models, slower customer response times.

By going to a Zero Trust Framework, Financial Services firms will be able to treat every identity and the mobile device they are using as their new security perimeter. Basing a BYOD strategy on a Zero Trust Framework enables any organization to find the correlation between the user, device, applications, and networks in milliseconds, thwarting potential threats before granting secure access to the device. Leaders delivering Zero Trust for BYOD include MobileIron, who provides endpoint management (UEM) capabilities with enabling technologies of zero sign-on (ZSO) user and device authentication, multi-factor authentication (MFA), and mobile threat detection (MTD).

%d bloggers like this: